[IEEE 2011 2nd International Conference on Computer and Communication Technology (ICCCT) -...



Page 1: [IEEE 2011 2nd International Conference on Computer and Communication Technology (ICCCT) - Allahabad, India (2011.09.15-2011.09.17)] 2011 2nd International Conference on Computer and

Constant Ciphertext Length in Multi-Authority Ciphertext Policy Attribute Based Encryption

Nishant Doshi, Computer Engineering Department, S V National Institute of Technology, Surat, India

Devesh Jinwala, Computer Engineering Department, S V National Institute of Technology, Surat

Abstract—In Ciphertext Policy Attribute Based Encryption (CP-ABE), a previously defined association between the attributes of a user and the ciphertext associated with these attributes is exploited to determine the secret key of the user. However, for a user with multiple attributes, the length of the key depends on the number of attributes. The existing methods that use reasonably computable decryption policies produce ciphertext whose size varies at least linearly with the number of attributes. In this paper, we propose two schemes. The first scheme has variable ciphertext length and is based on the construction of Bethencourt et al. In the second scheme, the ciphertext remains constant in length, irrespective of the number of attributes. It works for a threshold case: the attributes in a policy must be a subset of the attributes in a secret key. The security of the scheme is based on the Decisional Bilinear Diffie-Hellman (DBDH) problem.

Keywords-Attribute; Attribute based encryption; ciphertext policy; constant ciphertext length, multi-authority.

I. INTRODUCTION

Encryption is one of the primitives that provide security and confidentiality for digital communications. In traditional symmetric key cryptography (SKC), the sender and receiver share the same secret key. However, the use of SKC is beset by problems of key distribution and management. On the other hand, Public Key Cryptography (PKC), proposed to circumvent these key management issues, is not efficient in a multicast setup or for bulk encryption/decryption [1]. In addition, PKC suffers from complexity in key assignment and certificate management.

Identity Based Encryption (IBE) was proposed to obviate the need for a user to possess, a priori, a certificate obtained using PKI. IBE, first proposed in [2], relies on using the global identity of a user as his public key, with the corresponding private key (i.e. the one associated with his identity) being assigned by a globally trusted Key Generation Centre (KGC) after due authentication of the user. Any user can encrypt a message using the global identity of the intended recipient, whereas only a user whose identity in his secret key matches the identity in the ciphertext is able to decrypt it. In traditional IBE systems, the identity of a user is specified using the name, the email ID, or the network address, that is, a string of characters. This makes it cumbersome to establish the necessary correlation between a user’s identity (in his private key) and the identity associated with the ciphertext that he intends to decrypt, because even a slight mismatch causes the match to fail.

Hence, in a variant of traditional IBE, the identity is specified in the form of descriptive attributes. In the first such scheme, proposed as Fuzzy Identity Based Encryption (FIBE) in [3], a user with identity W could decrypt the ciphertext meant for a user with identity W’, if and only if |W - W’| > d, where d is some threshold value defined initially. In [4], the authors propose more expressive ABE schemes in the form of two different systems, viz. Key Policy Attribute Based Encryption (KP-ABE). In KP-ABE, a ciphertext is associated with a defined set of attributes and the user’s secret key is associated with a defined policy containing those attributes. Hence, the secret key can be used successfully only if the attribute access structure policy defined in the key matches the attributes in the ciphertext.

In contrast, the authors in [5] propose a fully functional Ciphertext Policy Attribute Based Encryption (CP-ABE) in which a user’s secret key is associated with a defined set of attributes and the ciphertext is associated with a defined policy. In [6], the authors propose a protocol for conversion from KP-ABE to CP-ABE. One of the limitations of CP-ABE schemes is that the length of the ciphertext depends on the number of attributes. That is, with s being the number of attributes involved in the policy, the ciphertext length is $O(s^3)$.

An efficient construction of CP-ABE in terms of ciphertext length can be found in [7-8]. In these schemes, the size of the ciphertext depends linearly on the number of attributes. For example, in a (t,n) threshold scheme, where a user needs t or more attributes out of a total of n attributes for decryption, the size of the ciphertext is either n+O(1) [7] or 2(n-t)+O(1) [8]. Both these schemes are based on the secret sharing scheme of Shamir [9] and use a monotonic access structure. In [10], the size of the ciphertext is 2n+O(1). However, as is clear from these expressions, the ciphertext length in all these cases depends on the number of attributes in one way or another. Ideally, one would like to break this relationship and make the ciphertext length independent of the number of attributes.

International Conference on Computer & Communication Technology (ICCCT)-2011

978-1-4577-1386-611$26.00©2011 IEEE 451


The first such attempt was realized in [11], wherein the authors propose a constant length ciphertext using a (t, t) threshold system, i.e. the number of attributes in a user’s secret key is equal to the number of attributes in the ciphertext policy. In addition, this scheme achieves constant secret key length, too. A further improved version is proposed in [12], which is a (t, n) constant length ciphertext ABE scheme. This scheme is based on the dynamic threshold encryption scheme in [13].

Apart from the constant ciphertext length, it is also necessary to ensure the collusion resistance. That is, when a number of users collude to decrypt a ciphertext, they should be able to decrypt the ciphertext only if one of them on his own is able to do so [5].

All of these approaches use a single authority in ensuring either variable or constant ciphertext length with/without collusion resistance. In a single authority system, the entire trust is on the single authority, so if the authority is compromised then the entire system is compromised.

To deal with single point of failure, the traditional approach followed in distributed systems is to distribute the responsibility amongst multiple entities. In [14], the authors propose the idea of a multi-authority system in which there are arbitrary numbers of attribute authorities (AA) with one central authority (CA). Obviously, such schemes require mutual trust between the AAs and the CA. In [15-19] authors propose different approaches to deal with this limitation of the multi authority system.

However, our focus in this paper is on investigating whether it is possible to obtain a constant ciphertext length ABE scheme with collusion resistance using a multi-authority approach.

We attempt to propose the first collusion resistant multi-authority ABE with constant size ciphertext. However, our approach requires that the attributes in the ciphertext be a subset of the user’s attributes in his secret key. For example, consider a user Harry with attributes “Name=Harry”, “University = Stanford”, “Branch = EE”. If some arbitrary sender sends a message to all the EE branch students of Stanford University, Harry would be able to decrypt the message because the attributes in the policy are a subset of his attributes.

We propose a protocol for the purpose. We believe that our scheme is an improvement over [5] as it works with multiple authorities, unlike [5]. The security of our protocol is based on the DBDH assumption, as in [5].

The rest of the paper is organized as follows. In the second section we give the preliminaries that we use throughout the paper and describe the DBDH problem. In section 3 we describe our proposed approach, and we conclude in the last section with the scope of further work.

II. PRELIMINARIES

A. Notations

Most cryptographic protocols require randomness, for example for generating a random secret key. We use $x \in_R A$ to represent the operation of selecting an element x randomly and uniformly from the set A. At some places we use “⊥” to denote the NULL output. This paper deals with the computational security setting, where security is defined based on the string length. For $\ell \in \mathbb{N}$, where $\mathbb{N}$ is the set of natural numbers, $1^\ell$ denotes the string of length $\ell$. If x is a string then |x| denotes its length, e.g. $|1^\ell| = \ell$.

B. Attribute based encryption

1) Bilinear Group

The security of the CP-ABE system is based on algebraic groups called bilinear groups, which are groups with a bilinear map.

Definition 2.1 (Bilinear map). Assume G1, G2 and G3 are three multiplicative cyclic groups of some prime order p. A bilinear map $e : G_1 \times G_2 \to G_3$ is a deterministic function that takes as input one element from G1 and one element from G2, outputs an element of G3, and satisfies the following criteria.

a) Bilinearity: For all x ∈ G1, y ∈ G2, a,b ∈ , $e(x^a, y^b) = e(x, y)^{ab}$.

b) Non-degeneracy: $e(g_1, g_2) \neq 1$, where g1 and g2 are generators of G1 and G2 respectively.

c) must be computed efficiently.

Definition 2.2 (Discrete Logarithm Problem). Given two group elements g and h, find an integer a ∈ such that $h = g^a \bmod p$, whenever such an integer exists.

Definition 2.3 (DBDH assumption). The Decision Bilinear Diffie-Hellman (DBDH) problem in G is a problem, for input of a tuple ( , a, b, c,Z) ∈ G4×GT to decide Z = e( , )abc or not. An algorithm A has advantage in solving DBDH problem in G if AdvDBDH(A):=|Pr[A( , a, b, c,e( , )abc)=0]• Pr[A( , a, b, c,e( , )z)=0]|• ( ),where e( , )z∈ GT \{e( , )abc}. We say that the DBDH assumption holds in G if no PPT algorithm has an advantage of at least in solving the DBDH problem in G. [11]

Definition 2.4 (Access Structure). Let (A1,A2,…,An) be a set of attributes. A collection $A \subseteq 2^{\{A_1, A_2, \dots, A_n\}}$ is monotone if, for all B, C: if B ∈ A and B ⊆ C then C ∈ A. A (monotone) access structure is a (monotone) collection A of non-empty subsets of (A1,A2,…,An), i.e. $A \subseteq 2^{\{A_1, A_2, \dots, A_n\}} \setminus \{\emptyset\}$. The sets in A are called authorized sets and the sets not in A are called unauthorized sets.

C. Multi authority CP-ABE construction

It consists of six polynomial time algorithms as follows.

1. Setup: Takes an implicit security parameter and outputs the public parameter MPK and the master key MSK.

2. Setup: Run by an AA to generate the PK and SK for attribute i.

3. KeyGen(MSK, u): Run by the CA to create the SK and PK for user u.

4. RequestAttributeSK(PK, u, SKi): Run by the AA that holds the SK for attribute i. It takes the identity of the user and the public key of the user and, as output, adds attribute i to user u’s secret key.

5. Encrypt(PK, M, A): Takes as input the message M, the public parameter PK and an access structure A over the universe of attributes. It generates the output CT such that only users who hold a valid set of attributes satisfying the access policy are able to decrypt. Assume that the CT implicitly contains the access structure A.

6. Decrypt(PK, CT, SK): Run by the user. It takes as input the public parameter, the ciphertext CT, which contains the access structure A, and the secret key SK, which contains the user’s attribute set S. If S satisfies the access tree, the algorithm decrypts the CT and outputs M; otherwise it outputs “⊥”.

D. Security game setup

This game is between a challenger and an attacker A, where the challenger plays the role of the CA and all attribute authorities.

Initialization: The adversary A sends the challenge access structure to the challenger.

Set-Up: The challenger runs Setup (and all AAi setup) and gives MPK to A.

Phase 1: A sends an attribute list L to the challenger for an Extract query where L |≠ . Here Extract is the combination of KeyGen and RequestAttributeSK. Note that these queries can be repeated adaptively.

Challenge: A sends two equal-length messages M0 and M1 to the challenger. The challenger selects μ ∈R {0, 1} and runs Encrypt. The challenger gives the ciphertext to A.

Phase 2: Same as Phase 1. A sends L’ to the challenger for a query. The challenger answers with a secret key for these attributes.

Guess: A outputs a guess μ’ ∈ {0, 1}. The advantage of A is defined as Adv(A):= |Pr(μ’= μ) – |.

III. THE PROPOSED SCHEME

A. Multi authority ABE without constant ciphertext length

The proposed scheme consists of 6 algorithms.

Setup: This algorithm is run by the CA. It chooses a bilinear group G0 of prime order p with generator . It then chooses two exponents , ∈R . Here we assume that MPK is available to all algorithms.

MPK=G0, , h= ,f= / , Y= , . MSK=( , ).

AAi setup: This algorithm is run by an AA to generate the PK and SK for attribute i. It selects exponent ∈R .

PKi= PK’i= /

SKi=

KeyGen(MSK, u): This algorithm is run by the CA to create the SK for user u. The algorithm chooses ∈R .

SK= / , PK=

RequestAttributeSK(PK,u,SKi): This algorithm is run by the AA responsible for attribute i. It takes the identity of the user and the public key of the user and, as output, adds attribute i to user u’s secret key. Note that the AA adds attribute i to the user’s secret key without using the SK of the user, which prevents an attack by a malicious AA. It generates exponent i∈R . H (i) is the universal hash function that is one-way function.

Di= / D’i=

Encrypt(M,A,PK1,PK2,…,PKN): This algorithm takes as input the message M, the access structure A and the public keys of the authorities whose attributes the sender uses in the access structure A. The working of this algorithm is the same as given in [5]. The CT (ciphertext) is calculated as follows.

CT={A, C’=M , , C=hs, y ∈ Y : Cy= , C’y= }

Decrypt(SK,CT): The decryption algorithm takes the secret key SK of the user and the ciphertext CT as input and returns the message M if the attributes in SK satisfy the access structure of CT, otherwise NULL. The working of this algorithm is the same as in [5]. The recursive procedure DecryptNode(CT,SK,x) is defined as below.

DecryptNode(CT,SK,x) = e(Dx ,Cx) e(D’x ,C’x) = e( / , ) e( , ) = ,

The algorithm begins by calling DecryptNode on the root node R of the tree A. If the tree is satisfied then we can calculate T=DecryptNode(CT,SK,R) = , = , . The algorithm then decrypts as follows.

C’/(e(C,D)/T) = C’/( e ( hs, / ) / , ) = M

1) Analysis


The proposed algorithm is an extension of the algorithm proposed in [5] for a single-authority ABE system. We extend it to support a typical multi-authority setup. A further advantage of the proposed system is that it also ensures key privacy, as the AAs do not require the user’s private key to add the attribute values; this can be done using the public key of the user. The proposed protocol is based on the construction of [5]; since [5] is secure, our protocol is secure under the assumption that the challenger plays the role of the CA and all AAs.

B. Multi authority ABE with constant ciphertext length

The proposed scheme consists of 6 algorithms. Here = group of prime order p. Assume U={att1,att2,…,attn} is the set of all possible attributes in the universe. Assume Si={ , , , , … , , } is the set of all possible values for atti, where ni=|Si|. Here e is the admissible bilinear map function. We assume that and is the two different universal hash function such that , , and also , , , ∈ .

Setup: This algorithm is run by the CA. It chooses a bilinear group G0 of prime order p with generator . It then chooses two exponents y, ∈R . Here we assume that MPK is available to all algorithms.

MPK=G0, , h= , Y= , . MSK=( , )

AAi setup: This algorithm is run by an AA to generate the PK and SK for attribute i. It selects exponent . ∈R . ∈ 1, , = , , = ,

KeyGen(MSK,u): This algorithm is run by the CA to create the SK for user u. L is the list of attributes that the user has, so initially it is empty. The algorithm chooses ∈R .

SK = / , PK = L =

RequestAttributeSK(PK,u,SKi): This algorithm is run by the AA responsible for attribute i. It takes the identity of the user and the public key of the user and, as output, adds attribute i to user u’s secret key. Note that the AA adds attribute i to the user’s secret key without using the SK of the user, which prevents an attack by a malicious AA. The AA adds attribute i to the list L of the user. Dx= , and L = L + ,

Encrypt(M,W,PK1,PK2,…,PKN): This algorithm takes as input the message M, the access formula W and the public keys of the authorities whose attributes the sender uses in W. The CT (ciphertext) is calculated as follows. The sender selects exponent s∈R .

C1=M Ys C2=gs

C3= (∏ ,∈ ) s

C4= ( s =

CT=C1, C2, C3,C4

Decrypt(SK,CT): The decryption algorithm takes the SK of the user and the ciphertext CT as input and returns the message M if the attributes in SK satisfy the access policy of CT, otherwise NULL. Assume AS ⊆ L and AS = W. After identifying the AS, the user just multiplies all the related values, which were given in the secret key.

= C1 e(gr,C2) e(C3,gr) e(C4, / ) e(C2 , (∏ ∈ ) r ) = M e(g,g)y s e(g,g)r s e(g,g)r s p e(gs,gy+r) e(gs,gr q) = M Here p=∑ ,, ∈ and q=∑ ,, ∈

The proposed algorithm deals with constant length ciphertext in a typical multi-authority ABE system. Under the assumption that the attributes in a policy must be a subset of the attributes in the user’s secret key, and that there is a trusted CA responsible for user and key management, our algorithm ensures constant length ciphertext. The proposed approach is also collusion resistant because no two users have the same r values for their keys, as shown earlier. In addition, if one of the AAs is compromised the scheme remains safe, due to the distinct keys of the users under one AA. The only way the scheme can be compromised is if the AAs and the CA collude, which is a very remote possibility.

Construction of secret keys , Here we assume that ∑ ,, ∈ ∑ ,, ∈ . If there exists AS ⊆ L and AS ⊆ L’ such that ∑ ,, ∈ =∑ ,, ∈ then L’ can decrypt W, where L’ W and L W. This assumption holds with given probability where N= ∏ . … = 1 > (1- >

(1- .
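The uniqueness requirement on the aggregated secret values can be checked numerically. The following is an added example, not code from the paper: it assumes a toy model in which every attribute value has one secret exponent in Z_p and an AND-policy is aggregated by summing the exponents of its chosen values. The function names and the union bound C(N,2)/p are this example's own and are not the paper's probability expression.

```python
"""Added illustration (toy model, not the paper's code): how often do two
different AND-policies over multi-valued attributes aggregate to the same
secret exponent when per-value exponents are drawn uniformly from Z_p?"""
import itertools
import random
from collections import defaultdict
from fractions import Fraction
from math import comb, prod


def sample_exponents(sizes, p, rng):
    """Draw one exponent t[i][j] in Z_p for value j of attribute i.
    sizes[i] plays the role of n_i = |S_i| on the page."""
    return [[rng.randrange(p) for _ in range(n_i)] for n_i in sizes]


def policy_sums(t, p):
    """Map each policy W (one value index per attribute) to
    sum_i t[i][W_i] mod p. There are N = prod(n_i) such policies."""
    sizes = [len(row) for row in t]
    sums = {}
    for w in itertools.product(*(range(n) for n in sizes)):
        sums[w] = sum(t[i][j] for i, j in enumerate(w)) % p
    return sums


def find_collisions(t, p):
    """Return groups of distinct policies whose aggregated exponents
    coincide. In the assumed model, key material matching one policy in a
    group also matches every other policy in that group."""
    buckets = defaultdict(list)
    for w, s in policy_sums(t, p).items():
        buckets[s].append(w)
    return [sorted(ws) for ws in buckets.values() if len(ws) > 1]


def collision_bound(sizes, p):
    """Union bound on Pr[some collision]. Two distinct policies differ in
    at least one attribute, so their sums differ by a uniform element of
    Z_p and collide with probability exactly 1/p; summing over all
    C(N, 2) pairs gives the bound (capped at 1)."""
    n = prod(sizes)
    return min(Fraction(1), Fraction(comb(n, 2), p))


def empirical_rate(sizes, p, trials, seed=0):
    """Fraction of independent setups that contain at least one collision."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        if find_collisions(sample_exponents(sizes, p, rng), p):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    sizes = [3, 3, 2]  # constructed sample: 3 attributes, N = 18 policies
    for p in (7, 1009, 2**127 - 1):  # tiny, small and realistic-size primes
        print(p, float(collision_bound(sizes, p)),
              empirical_rate(sizes, p, trials=500))
```

With a group order of cryptographic size the bound is negligible, while a setup routine can still call `find_collisions` once and resample if it ever returns a non-empty list.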


1) Security Analysis

Here we assume that the CA and all the attribute authorities are combined.

Theorem 1: The proposed multi-authority CP-ABE scheme satisfies the indistinguishability of messages under the DBDH assumption.

Proof: Assume that the adversary A wins the selective game for multi-authority CP-ABE with the advantage . Then we can construct a simulator X that breaks the DBDH assumption with advantage (1- ) where N= ∏ which is the number of access structures. The DBDH challenger generates a,b,c,z∈R , ∈R {0,1} and , where is the generator for group G so

Z = e( , )abc if = 0 = e( , )z otherwise

The DBDH challenger gives ( , a, b, c,Z)∈G G1 to X. Now A gives the challenge access structure W* to X. Let W*=[W1*,W2*,…,Wk*]. X selects u ∈R and sets h= u and Y=e( a, b)=e( , )ab. For , {i ∈ [1,n], j ∈ [1, ]} ∈R X computes private keys , {i ∈ [1,n], j ∈ [1, ]} and public keys , ∈ 1, , ∈ 1, as follows. , = , if( , = )

= b , otherwise , = , if( , ) = , otherwise.

X gives MPK=(e, ,h,Y, , {i ∈ [1,n], j ∈ [1, ]} ) to A. For Extract query L there exists , = Li and , W* because L W*. So we can write ∑ ,, ∈ L = X1+bX2 where X1, X2 ∈ . Here X1 and X2can be represented as sum of , value. It means X can calculate X1 and X2, it selects ∈R and set r = and compute SKL as follows

SKL={ , ,

, ∈ L , , } Therefore, SKL is a valid secret key as follows

= = / .

= = and , , = , = , . Attacker A will identify set AS ⊆ L and calculate ∏ ,, ∈ AS = ∑ ,, ∈ AS If X2 = 0 mod p holds than there exists AS ⊆ L such that ∑ ,, ∈ AS = ∑ ,, ∈W . Therefore, the probability is at

most as given in previous section. Now the challenger X chooses ∈ R{0,1} and computes c1*= Zu,c2*= c, c3*=

∑ ,, ∈W , c4*=hc and sends < c1*,c2*,c3*,c4*,W*> to A. A outputs guess ∈{0,1}. X

outputs 1 if = or outputs 0 if . There will be two cases

(i) If Z=e( , )abc then A’s advantage is , so

Pr[x 1 |Z= e( , )abc]=Pr[ • = |Z=e( , )abc]=1/2 + .

(ii) If Z=e( , )z then A has no advantage to

distinguish bit , hence Pr[x 0|Z= e( , )z]=Pr[ • |Z= e( , )z]=1/2.

From (i) and (ii) it follows that X’s advantage in this DBDH game is (1- ). We have used a symmetric bilinear map in this proof. Our scheme can also be proven with an asymmetric bilinear map such as e: G1 × G2 → GT over an MNT curve [20], where G1 and G2 are two different groups; in this case we can also prove the indistinguishability under the DBDH assumption over G2 [21].

IV. CONCLUSION AND FUTURE WORK

In this paper, we propose two schemes for multi-authority CP-ABE. One deals with variable length ciphertext and the other with constant length ciphertext for a multi-authority ABE system, under the constraint that the attributes in the ciphertext policy are a subset of the attributes in the receiver’s secret key. Our approach is based on AND-gates on multi-valued attributes. Our scheme does not provide recipient anonymity. In future, we intend to extend this scheme to threshold ABE, add features such as recipient anonymity, and make the scheme fully secure.

ACKNOWLEDGMENT

We thank the anonymous reviewers of ICCCT 2011 for their thoughtful feedback, which improved the quality of the paper.

REFERENCES

[1] Rivest, R., Shamir, A., and Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21, 2 (Feb. 1978), 120-126.

[2] Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985).

[3] Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).

[4] Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of Computer and Communications Security, CCS 2006, pp. 89–98. ACM, New York (2006).

[5] Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Society Press, Los Alamitos (2007).

[6] Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute-based encryption. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 579–591. Springer, Heidelberg (2008).

[7] Waters, B.: Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Cryptology ePrint report 2008/290 (September 1, 2008).

[8] Daza, V., Herranz, J., Morillo, P., Ràfols, C.: Extended access structures and their cryptographic applications. To appear in Applicable Algebra in Engineering, Communication and Computing (2008), http://eprint.iacr.org/2008/502.

[9] Shamir, A.: How to share a secret. Communications of the ACM 22, 612–613 (1979).

[10] Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. To appear in Proceedings of Eurocrypt 2010 (2010), http://eprint.iacr.org/2010/110.

[11] Emura, K., Miyaji, A., Nomura, A., Omote, K., Soshi, M.: A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 13–23. Springer, Heidelberg (2009).

[12] Herranz, J., Laguillaumie, F., Ràfols, C.: Constant Size Ciphertexts in Threshold Attribute-Based Encryption. In PKC 2010, LNCS 6056, pp. 19–34, 2010.

[13] Delerablée, C., Pointcheval, D.: Dynamic threshold public-key encryption. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 317–334. Springer, Heidelberg (2008).

[14] Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007).

[15] Lewko, A., Waters, B.: Decentralizing attribute-based encryption. Cryptology ePrint Archive, Report 2010/351 (2010), http://eprint.iacr.org/

[16] Bozovic, V., Socek, D., Steinwandt, R., Villanyi, V.I.: Multi-authority attribute based encryption with honest-but-curious central authority. Cryptology ePrint Archive, Report 2009/083 (2009), http://eprint.iacr.org/

[17] Müller, S., Katzenbeisser, S., Eckert, C.: Distributed attribute-based encryption. ICISC 2008, LNCS 5461, pp. 20–36. Springer-Verlag Berlin Heidelberg (2009).

[18] Müller, S., Katzenbeisser, S., Eckert, C.: On multi-authority ciphertext-policy attribute-based encryption. Bulletin of the Korean Mathematical Society 46, 4 (July 2009), 803–819.

[19] Lin, H., Cao, Z., Liang, X., Shao, J.: Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority. INDOCRYPT 2008. LNCS 5365, pp. 426-436. Springer-Verlag Berlin Heidelberg (2008).

[20] Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for fr-reduction. IEICE transactions on fundamentals of electronics, communications and computer sciences 84(5), 1234–1243 (2001).

[21] Abdalla, M., Dent, A.W., Malone-Lee, J., Neven, G., Phan, D.H., Smart, N.P.: Identity-based traitor tracing. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 361–376. Springer, Heidelberg (2007).